I wouldn't trust it though. My friend installed Chrome and it was able to copy his passwords over. If Chrome can do it, viruses can.
–
tjamesonApr 5 '11 at 17:51

He didn't use encryption in that case. If he did, this wouldn't work.
–
HennoApr 5 '11 at 17:55

If the OP encrypted these files, he would be safe...
–
studiohack♦Apr 5 '11 at 17:59

tjameson suggests that since Chrome can copy the passwords they are not safe. This isn't necessarily so. The passwords are encrypted using the master password. Chrome can copy the files containing the encrypted password, and it can decrypt them if it has the master password. It knows how to decrypt them because the method of encryption is public. It's the key (the master password) that keeps things safe. So the reason Chrome was able to decrypt the file was that the user supplied the master password.
–
Wayne JohnstonApr 6 '11 at 1:31

password forensics has an overview and tools for recovery. The latter is a brute force attack on the master password (if you have it, which you should). The security is as good as your password, basically. This link has more details (same site).

My friend had a master password set, but that wasn't enough to stop Chrome from copying the passwords over. I wouldn't trust the security of it. Any virus that knows how to make SQLite queries can recover data.
–
tjamesonApr 5 '11 at 17:57